Skip to main content
NetApp Knowledge Base

TCP Reassembly Queue Overflows Lead to Poor Performance and Possible Application Disruption on 8.2.5P2 7-mode or ONTAP 9.1P16

Views:
1,887
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
7dot
Last Updated:

Applies to

  • ONTAP 9.1 
  • Data ONTAP 8.2 7-Mode 

Issue

A security vulnerability fix in the ONTAP networking stack causes Transmission Control Protocol (TCP) performance to degrade and causes ONTAP to send invalid Selective Acknowledgement (SACK) options in the header of TCP packets. These invalid SACK options can expose an issue in some client networking stacks, causing the clients to fail to retransmit packets on normal retransmit timeout intervals. This interaction can cause application outages. For example, this problem may lead to NFS timeouts or SnapMirror failures.

Signature 

7-mode 8.2.5P2

Command: netstat -s -p tcp 

Counter: <no. packets> discarded because reassembly queue overflow 

ONTAP 9.1P16

Commands: 

node run -node <node> netstat -s -p tcp 

systemshell -node <node> netstat -s -p tcp 

Counters:  

For node level command: 

<no. packets> discarded because reassembly queue overflow 

For systemshell level command: 

<no. packets> discarded due to memory problems 

  • A packet-trace is needed during a problem to confirm if invalid SACK packets are being sent on the affected ONTAP versions. The invalid SACK packets will have an ACK value between one of the SACK left and right edge pairs. 

For each SACK range: 

If (SACK left edge <= ACK Value < SACK right edge) then an invalid SACK packet is confirmed.

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.